Amendment dated April 8, 2008 - 1 1 - VAINSTEIN, et al. 

Reply to Office Action of December 12, 2007 Appl. No. 10/676,474 

Remarks 

Claims 1-28 are presented for reconsideration, with claims 1, 14, 21, 27, and 28 
being the independent claims. Claims 1, 27, and 28 are amended to clarify the claimed 
invention. 

These changes are believed not to introduce any new matter, and their entry is 
respectfully requested. 

Based on the above amendments and the following remarks, Applicants 
respectfully request that the Examiner reconsider all outstanding rejections and that they 
be withdrawn. 

The Examiner is thanked for his time during a telephonic interview on February 
12, 2008, during which discussions with Applicants' representative, Randall K. Baldwin, 
it was clarified that the 35 U.S.C. § 101 rejections of claims 1-13 have not been 
withdrawn, despite a statement to the contrary on page 2 of the Office Action. 

Rejections under 35 U.S.C. § 101 

On page 3 of the Office Action, the Examiner rejected claims 1-13 as being 
allegedly directed towards non- statutory subject matter. On page 4 of the Office Action, 
the Examiner acknowledges that claims 1-13 are directed to systems, but states that 
Applicants' specification "provides intrinsic evidence that these claims are directed 
towards software alone." Applicants disagree and respectfully traverse for the reasons 
stated below. 

Applicants respectfully submit that the Examiner has misapplied the guidelines in 
making 35 U.S.C. § 101 rejections of claims 1-13. The sections of the USPTO "Interim 
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Guidelines for Examination of Patent Applications for Patent Subject Matter Eligibility" 
(Official Gazette notice of 22 November 2005), Annex IV quoted on page 2 of the Office 
Action address claims that recite a "computer-readable medium encoded with a computer 
program", "nothing but physical characteristics of a form of energy", "a signal encoded 
with functional descriptive material", and "a signal." Claims 1-13 recite document 
systems with a policy storage module and an access manager module configured to 
produce a useful, concrete, and tangible result. The modules recited in claims 1-13 are 
not forms of energy, computer-readable media encoded with a computer program, or 
signals. Paragraphs [0011]-[0020], [0036]-[0045], and [0093] of the specification 
disclose and support the document security systems as claimed in claims 1-13. Claims 1- 
13 recite document security systems that restrict access to secured documents, and thus 
provide a "useful, concrete, and tangible result" as required by 35 U.S.C. § 101. 

However, to expedite prosecution, Applicants have amended claim 1 herein to 
recite a document security system comprising two modules, a policy module that stores 
at least one process-driven security policy on a computer readable medium, and an 
access manager module that accesses and applies the stored security policy. 

Support for the amendments to claim 1 is found at least at paragraphs [0014], 
[0015], and [0093] of the instant specification. 

The USPTO "Interim Guidelines for Examination of Patent Applications for 
Patent Subject Matter Eligibility" (Official Gazette notice of 22 November 2005), Annex 
IV quoted on page 3 of the Office Action state that "When functional descriptive 
material is recorded on some computer-readable medium it becomes structurally and 
functionally interrelated to the medium and will be statutory in most cases since use of 
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technology permits the function of the descriptive material to be realized." Thus, claim 1 
recites statutory subject matter. Claims 2-13 depend upon claim 1. 

Accordingly, Applicants respectfully request that the Examiner reconsider and 
withdraw this rejection of claims 1-13. 

Rejections under 35 U.S.C § 102 

On page 6 of the Office Action, the Examiner rejected claims 1-6, 8, 9, and 1 1-28 
under 35 U.S.C. § 102(e) as being allegedly unpatentable in view of US Patent 
Application 2005/0028006 to Leser et al (20050028006 1 Al) ("Leser"). Applicants 
traverse for the reasons stated below. 

Claims 1-6, 8, 9, and 11-13 

Claims 1 recites features that distinguish over the applied reference. For 
example, claim 1 as amended herein recites recite a document security system for 
restricting access to secured documents, the system comprising: 



a policy module configured to store at least one process- 
driven security policy on a computer readable medium, 
wherein the policy includes a plurality of states and 
transition rules, and wherein each of the states is associated 
with one or more access restrictions, and wherein the 
transition rules specify circumstances under which a 
secured document is to transition from one state to another; 

and an access manager module configured to access the 
stored process-driven security policy and determine 
whether access to a secured document is permitted by a 
requestor based on the policy state associated therewith at 
the time access is requested and the corresponding one or 
more access restrictions thereof for the process-driven 
security policy. 
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On page 6 of the Office Action the Examiner asserts that Leser discloses all of 
the above-recited document security system features recited in claim 1 . Applicants 
respectfully disagree and traverse for the reasons stated below. 

Leser does not describe each and every element as set forth in claim 1 . For 
example, Applicants have examined the sections of Leser cited by the Examiner and 
other sections, and are unable to identify a disclosure of a document security system that 
stores, accesses, and applies at least one process-driven security policy that includes a 
plurality of states and transition rules, wherein each of the states is associated with one or 
more access restrictions, and wherein the transition rules specify circumstances under 
which a secured document is to transition from one state to another, as recited in claim 1 . 
Although Leser may disclose "a business process with two security alert states: normal 
and lock-down" (Leser, paragraph [0123]), Leser does not teach or suggest that the 
security alert states are part of a process-driven security policy that includes a plurality of 
states and transition rules, wherein the transition rules specify circumstances under 
which a secured document is to transition from one state to another, as recited in claim 1 . 
In Leser's system, "a set of log events" may be automatically applied when a "security 
knob" is set to a pre-defined setting by having "an authorized administrator perform the 
changes to the current business process" (Leser, paragraph [0125]). In contrast the 
transition rules recited in claim 1 specify circumstances under which a secured document 
is to transition from one state to another. Leser's two business process states are not 
analogous to the plurality of process-driven security policy states recited in claim 1 . 
While Leser may disclose that a "control policy" can specify usage rules that govern how 
protected data objects may be used, Leser's control policies are limited to specifying sets 
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of users and groups of users along with their respective privileges on the data objects 
(Leser, paragraph [0096]). In contrast, claim Vs process-driven security policy includes 
a plurality of states and transition rules, wherein each of the states is associated with one 
or more access restrictions, and wherein the transition rules specify circumstances under 
which a secured document is to transition from one state to another. Leser's control 
policy that includes users and their data object privileges within a two-state business 
process does not disclose a security policy that includes a plurality of states and 
transition rules, wherein each of the states is associated with one or more access 
restrictions, and wherein the transition rules specify circumstances under which a secured 
document is to transition from one state to another. In Leser, secured documents do not 
transition from one state to another as a result of a process-driven security policy; rather 
a business process is changed from a normal state to a lockdown state by an 
administrator or user (Leser, paragraphs [0125] and [0126]). 

Claim 1 recites secured documents transitioning from one state to another based 
upon process-driven security policy states with defined access restrictions and transition 
rules. Leser does not disclose a system that stores, accesses, and applies a process-driven 
security policy having specified access restrictions and transition rules, as recited in 
claim 1. 

Further, Applicants are unable to identify in Leser any disclosure of an access 
manager module that determines whether access to a secured document is permitted by a 
requestor based on the document state and the corresponding access restrictions, as 
recited in claim L On page 6 of the Office Action, the Examiner states that the functions 
of the above-recited access manager module of claim 1 are disclosed by Leser in 
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paragraph 0035. Although Leser may disclose a policy server that clients connect to 
when users on the client attempt to access protected data objects (Leser, paragraph 
[0035]), Leser does not disclose an access manager module that determines whether 
access to a secured document is permitted by a requestor based on the process-driven 
security policy's state and the corresponding access restrictions for the secured 
document, as recited in claim 1. Leser's process server contains a copy of a control 
policy, but as discussed above, the control policy is limited to specifying sets of users 
and groups of users along with their respective privileges on the data objects (Leser, 
paragraph [0096]). 

Therefore, for at least these reasons, the applied reference does not anticipate 
claim 1. Dependent claims 2-13, which depend upon independent claim 1, are allowable 
for at least being dependent from allowable independent claim 1, in addition to their own 
respective distinguishing features. See In Re Fine, 837 F.2d 1071 (Fed. Cir. 1988) and 
M.P.E.P. § 2143.03. 

Accordingly, Applicants respectfully request that the Examiner reconsider and 
withdraw the rejections of these claims, and find them allowable over the applied 
reference. 

Claims 14-20 and 27 

Regarding the Examiner's statement on page 9 of the Office Action, in which the 
Examiner asserts that Leser discloses the document security method and computer 
readable medium recited in claims 14 and 27, respectively, Applicants disagree and 
traverse for the reasons stated below. 
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Leser does not describe each and every element as set forth in claims 14 and 27. 
For example, claims 14 and 27 recite a method and computer readable medium, 
respectively, for transitioning a secured document through a security-policy state 
machine having a plurality of states. Claim 14 further recites that the method includes 
receiving an event, determining whether the event causes a state transition for the 
secured document from a former state to a subsequent state, and automatically 
transitioning from the former state to the subsequent state of the security-policy state 
machine upon determination that the event causes the state transition. 

On page 9 of the Office Action, the Examiner maintains that Leser discloses the 
above-recited features of claims 14 and 27 in paragraphs 0122 and 0123. Leser does not 
teach or suggest transitioning secured documents from a former state to a subsequent 
state, as recited in claims 14 and 27. Leser lacks any teaching of transitioning a secured 
document through a security policy state machine, as recited in claims 14 and 27. As 
discussed above, Leser's business process is limited to two states that are changed by 
administrators or users and Leser's control policy does not transition secured documents 
from one state to another. While Leser may disclose that "security officers and business 
process owners" in an organization can define changes to the business process that 
"should go into effect whenever the business process is "under attack"" (Leser, 
paragraph [0123]), this under attack condition changes the business process and does not 
change the security state of a secured document based on event occurrence, as recited in 
claims 14 and 27. In contrast to changing secured document states, Leser merely alters a 
business process (Leser, paragraph [0123]). In contrast to the above-recited document 
transitioning of claims 1 4 and 27, Leser is limited to having users define changes to the 
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business process that "should go into effect when a business process is "under attack" or 
otherwise vulnerable" (Leser, paragraph [0123]). Altering a business process manually 
is not equivalent to transitioning a secured document through a security policy state 
machine, as recited in claims 14 and 27. 

Moreover, Leser does not disclose automatically transitioning a secured 
document's state from a former state to a subsequent state in a security-policy state 
machine when an event causes a state transition, as recited in claims 14 and 27. In Leser, 
users or administrators transition a business process from a normal state to a lockdown 
state based upon an occurrence of an event (Leser, paragraphs [0123-0126]), but Leser 
neither teaches nor suggests transitioning a secured document state based solely upon an 
event, as recited in claims 14 and 27. Claim 14 f s method and claim 27's computer 
readable medium transitions a secured document's state from a former state to a 
subsequent when an event causes a state transition. In contrast, Leser discloses that users 
define changes to a two-state business process that should go into effect when the 
business process is vulnerable (Leser, paragraph [0123]). Leser's business process 
transitions from one state to another only when the business process owner enters or 
exits the "lock-down" security state (Leser, paragraph [0124]). In contrast, claims 14 and 
27 automatically transition a document's security state based on events. 

Therefore, for at least these reasons, the applied reference does not anticipate 
claims 14 and 27. Also, at least based on their respective dependencies to claim 14, 
claims 15-20 should be found allowable, as well as for their additional respective 
distinguishing features. Accordingly, Applicants respectfully request that the Examiner 
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reconsider and withdraw the rejections of these claims, and find them allowable over the 
applied reference. 



Claims 21-26 and 28 

On page 12 of the Office Action the Examiner asserts that Leser discloses the 
document security method and computer readable medium recited in claims 21 and 28, 
respectively. Applicants disagree and traverse for the reasons stated below. 

Leser does not describe each and every element as set forth in claims 21 and 28. 

For example, claims 21 and 28 recite a method and computer readable medium, 

respectively, that: 

provide at least one process-driven security policy at a 
server computer, wherein the process-driven security 
policy is associated with a plurality of states, and wherein 
each of the states has distinct access restrictions; 

provide a reference to the process-driven security policy to 
at a client computer, the reference referring to the process- 
driven security policy resident on the server computer; 

associate the reference to an electronic document; 
transitioning the process-driven security policy from one 
state to a current state; and 

determine at the server computer whether a requestor is 
permitted to access the electronic document, the access 
being based on a current state of the process-driven 
security policy, the current state being informed to the 
server computer by sending the reference to the server 
computer. 

On pages 12 and 13 of the Office Action, the Examiner maintains that Leser 
discloses the above-recited features of claims 21 and 28 in paragraphs 0029, 0030, 0035, 



0039, 0040, 0073, 0096, 0097, and 0208. Applicants have examined the sections of 
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Leser cited by the Examiner and other sections, and are unable to identify a disclosure of 
determining at a server computer whether a requestor is permitted to access an electronic 
document, the access being based on a current state of the process-driven security policy, 
the current state being informed to the server computer by sending the reference to the 
server computer, as recited in claims 21 and 28. While Leser may disclose that an 
objective of the invention "is to is to provide a method and system for temporarily 
changing one or more control policies and then reverting back automatically to the 
original settings at some point in the future" (Leser, paragraph [0030]), as discussed 
above, Leser's control policies are limited to specifying sets of users along with their 
respective privileges on data objects (Leser, paragraph [0096]). Leser's control policies 
are not process-driven and are not used to determine at a server computer whether a 
requestor is permitted to access an electronic document, the access being based on a 
current state of the process-driven security policy, the current state being informed to the 
server computer by sending the reference to the server computer, as recited in claims 21 
and 28. 

Therefore, for at least these reasons, the applied reference does not anticipate 
claims 21 and 28. Also, at least based on their respective dependencies to claim 21, 
claims 22-26 should be found allowable, as well as for their additional respective 
distinguishing features. Accordingly, Applicants respectfully request that the Examiner 
reconsider and withdraw the rejections of these claims, and find them allowable over the 
applied reference. 
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Rejections under 35 U.S.C. § 103 

On page 14 of the Office Action, claim 7 is rejected under 35 U.S.C. §103 (a) as 

allegedly being unpatentable over Leser in view of the Examiner's assertion that "it 

would have been obvious at the time the invention was made to one of ordinary skill in 

the art to have a third alert state" in Leser. The Examiner concedes that Leser does not 

disclose a third state and second event that causes a transition from a second state to a 

third state, as recited in claim 7, but asserts that it would have been obvious to modify 

Leser based on paragraph [0127] of Leser which reads: 

Those of ordinary skill in the art should recognize the 
methods of extending this two-setting security knob 
example and implementation to one that implements an n- 
setting security knob, for any specific n greater than 2. 

While Leser may disclose that persons of skill in the art may be able to extend the 
two-setting security knob into more than two settings, Leser's security knob is limited to 
changing the state of a business policy and creating log events (Leser, paragraphs [0121- 
0125]). As discussed above, Leser's business policy states are not analogous to the 
plurality of states for the state-drive security policy recited in claim 7. 

On page 15 of the Office Action, claim 10 is rejected under 35 U.S.C. §103 (a) as 
allegedly being unpatentable over Leser in view of US Patent Application 2005/0028006 
to Li et al (20050028006 Al) ("Li"). Applicants respectfully traverse these rejections 
and request that these rejections be withdrawn and the claims be passed to allowance. 

Claims 7 and 10 depend on independent claim 1. As argued above, claim 1 is 
allowable over Leser. Also, at least based on their respective dependencies to claim 1 , 
claims 7 and 1 0 should be found allowable, as well as for their additional respective 
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distinguishing features. Accordingly, Applicants respectfully request that the Examiner 
reconsider and withdraw the rejections of these claims, and find them allowable over the 
applied reference. 

Information Disclosure Statement 

In response to the Examiner's request on page 2 of the Office Action that 
Applicants provide a copy of the NPL30 reference listed in the Information Disclosure 
Statement filed on October 29, 2007, a timely supplemental Information Disclosure 
Statement will be filed with the NPL30 reference. 

The Examiner is thanked for consideration of the other documents listed in the 
Information Disclosure Statements filed October 10 and 29, 2007. 
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Conclusion 



All of the stated grounds of rejection have been properly traversed, 
accommodated, or rendered moot. Applicants therefore respectfully request that the 
Examiner reconsider all presently outstanding rejections and that they be withdrawn. 
Applicants believe that a full and complete reply has been made to the outstanding 
Office Action and, as such, the present application is in condition for allowance. If the 
Examiner believes, for any reason, that personal communication will expedite 
prosecution of this application, the Examiner is invited to telephone the undersigned at 
the number provided. 

Prompt and favorable consideration of this Amendment and Reply is respectfully 
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